Unplugging USB Cyber Threats

Those little connectors can cause big cybersecurity trouble at plants&nbsp;

Updated on Jun 01, 2017

Did you know that USB malware has taken power plants offline, downed turbine control workstations, and caused raw sewage floods?

In fact, malware spread through USBs, short for Universal Serial Bus, was the second leading threat risk to industrial control systems in 2016, according to BSI publications.

To help industrial sites protect against these cyber-threats, Honeywell has introduced the Secure Media Exchange (SMX), which provides simple, multi-layered protection by letting users check their devices. For example, they can check in a USB by plugging it into an SMX Intelligence Gateway to analyze and secure the entire drive or specific files.

The SMX software is also installed on a plant's Windows systems where it can control which USB devices are allowed to connect, prevent unverified USB removable media drives from being mounted, and stop unverified files from being accessed. SMX also keeps a log of USB connectivity and file access, providing essential auditing capabilities in the event of a security breach.

The simplicity and ubiquity of USBs make them one of the most difficult tools to manage at industrial sites. Currently, many plants either ban USBs, which is hard to enforce and reduces productivity, or rely on traditional malware scanning solutions, which are difficult to maintain in an industrial control facility and provide limited protection. These options don’t protect process control networks against the latest threats, nor do they offer any way to handle targeted attacks.

“Industrial operators often have hundreds or thousands of employees and dozens of contractors on site every day,” said Eric Knapp, Cybersecurity chief engineer, Honeywell Process Solutions. “Many, if not most, of those rely on USB-removable media to get their jobs done. Plants need solutions that let people work efficiently, but also don’t compromise cyber security and—with it—industrial safety.”

Honeywell has one of the largest industrial cybersecurity research capabilities in the process industry, including a dedicated cybersecurity lab near Atlanta and we partner with companies such as Microsoft, Intel Security and Palo Alto Networks to develop new, effective industrial threat detection techniques.